Overview

overview

10

Static

static

Raccine/ya...32.exe

windows10_x64

6

Raccine/ya...64.exe

windows10_x64

1

Raccine/ya...32.exe

windows10_x64

1

Raccine/ya...64.exe

windows10_x64

1

Raccine/Raccine.exe

windows10_x64

10

Raccine/Ra...fg.exe

windows10_x64

1

Raccine/Ra...nc.exe

windows10_x64

1

Raccine/Ra...gs.exe

windows10_x64

1

Raccine/Ra...86.exe

windows10_x64

10

Raccine/in...ne.bat

windows10_x64

8

Raccine/pr...NU.exe

windows10_x64

8

Raccine/pr...64.exe

windows10_x64

8

Raccine/pr...86.exe

windows10_x64

7

Raccine/sc...ng.bat

windows10_x64

1

Analysis

  • max time kernel
    426s
  • max time network
    1710s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    06-08-2021 11:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Raccine/scripts/windows-hardening.bat

  • Size

    32KB

  • MD5

    45b6baf36e2cb69bb2c1a605756e42b4

  • SHA1

    0e3b89708529a3fb1a97dcfb7fad4f27dd8a4b80

  • SHA256

    d0651644e6f5e8ba1082f9a1573d0d985821a5ae7f36d52baa2dd224bf052905

  • SHA512

    df790ddc9d82ddf345fe2a65f970b4e0e770448badaa6d675bebe3caff0e6b5d4911af4a7953e2d2d28d65d4a8c6cf2592d5f8f4edc3b91169e22a46a39e5110

Score
1/10

Malware Config

Signatures

  • Delays execution with timeout.exe 2 IoCs
    evasion
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Raccine\scripts\windows-hardening.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4016
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c findstr /b ::: "C:\Users\Admin\AppData\Local\Temp\Raccine\scripts\windows-hardening.bat"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1472
      • C:\Windows\system32\findstr.exe
        findstr /b ::: "C:\Users\Admin\AppData\Local\Temp\Raccine\scripts\windows-hardening.bat"
        3⤵
          PID:1704
      • C:\Windows\system32\timeout.exe
        TIMEOUT /t 10
        2⤵
        • Delays execution with timeout.exe
        PID:3240
      • C:\Windows\system32\timeout.exe
        TIMEOUT /t 10
        2⤵
        • Delays execution with timeout.exe
        PID:1272

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1272-117-0x0000000000000000-mapping.dmp
      Download
    • memory/1472-114-0x0000000000000000-mapping.dmp
      Download
    • memory/1704-115-0x0000000000000000-mapping.dmp
      Download
    • memory/3240-116-0x0000000000000000-mapping.dmp
      Download